diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb
index 55eefa76d3f33bd0a93caeb752fd3f51d4e0b27c..1c91425f589f8c8f20f09d08964088fb4f80eb34 100644
--- a/app/policies/global_policy.rb
+++ b/app/policies/global_policy.rb
@@ -44,7 +44,7 @@ class GlobalPolicy < BasePolicy
     prevent :log_in
   end
 
-  rule { ~restricted_public_level }.policy do
+  rule { admin | ~restricted_public_level }.policy do
     enable :read_users_list
   end
 end
diff --git a/changelogs/unreleased/35478-allow-admin-to-read-user-list.yml b/changelogs/unreleased/35478-allow-admin-to-read-user-list.yml
new file mode 100644
index 0000000000000000000000000000000000000000..da4b730f0caf254320c173b10eebefa0cdca0580
--- /dev/null
+++ b/changelogs/unreleased/35478-allow-admin-to-read-user-list.yml
@@ -0,0 +1,4 @@
+---
+title: Allow admin to read_users_list even if it's restricted
+merge_request: 13066
+author:
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb
index bb0fa0c0e9c76a3543bdcdf5f571ba0459398083..c3e2b603c4bf00f29345cb432b35287043fa5d35 100644
--- a/spec/policies/global_policy_spec.rb
+++ b/spec/policies/global_policy_spec.rb
@@ -30,5 +30,25 @@ describe GlobalPolicy, models: true do
         it { is_expected.to be_allowed(:read_users_list) }
       end
     end
+
+    context "for an admin" do
+      let(:current_user) { create(:admin) }
+
+      context "when the public level is restricted" do
+        before do
+          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+        end
+
+        it { is_expected.to be_allowed(:read_users_list) }
+      end
+
+      context "when the public level is not restricted" do
+        before do
+          stub_application_setting(restricted_visibility_levels: [])
+        end
+
+        it { is_expected.to be_allowed(:read_users_list) }
+      end
+    end
   end
 end
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 877bde3b9a682d23d7ea21e31647249678777ee0..66b165b438b74d7d35c3f0b5d147eb86a8346552 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -55,17 +55,22 @@ describe API::Users do
       context "when public level is restricted" do
         before do
           stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
-          allow_any_instance_of(API::Helpers).to receive(:authenticate!).and_return(true)
         end
 
-        it "renders 403" do
-          get api("/users")
-          expect(response).to have_http_status(403)
+        context 'when authenticate as a regular user' do
+          it "renders 403" do
+            get api("/users", user)
+
+            expect(response).to have_gitlab_http_status(403)
+          end
         end
 
-        it "renders 404" do
-          get api("/users/#{user.id}")
-          expect(response).to have_http_status(404)
+        context 'when authenticate as an admin' do
+          it "renders 200" do
+            get api("/users", admin)
+
+            expect(response).to have_gitlab_http_status(200)
+          end
         end
       end